2 min
Patch Tuesday
September Patch Tuesday Roundup
Microsoft's patch for September includes 4 Critical Bulletins and 5 Important
Bulletins covering 11 vulnerabilities.
A couple vulnerabilities are worth noting including:
MS10-064 a vulnerability in Microsoft Outlook allows for Remote Code Execution.
This is the classic drive-by malware in which the attacker sends a malicious
email message to the victim. Simply by opening the contents of an email, the
attacker can gain full control of the victim's machine. Organizations should
conduct user aw
2 min
Patch Tuesday
August Patch Tuesday Roundup
Microsoft's patch this month, which consists of 14 bulletins that address 34
vulnerabilities, is the largest since October 2009. With the massive amount of
work that lies ahead, it may help to prioritize your work.
Josh Abraham, Rapid7 Security Researcher, recommends that you pay particular
attention to MS10-054. This vulnerability in the SMB protocol “is potentially
the most dangerous vulnerability as it allows unauthenticated attackers to
execute arbitrary codes on remote machines.” Abrah
4 min
Patch Tuesday
December Microsoft Patch Tuesday Roundup
Time once again for this month's summary of the latest Microsoft Security
updates. NeXpose (including the free NeXpose Community Edition) users will have
coverage within 24 hours or less. Metasploit already had a module for the IE
exposure. Here's the breakdown ...
6 updates, with 12 vulnerabilities covered. Here's the breakdown:
MS09-069: Rated Critical. Potential Denial of Service via ISAKMP through IPsec
affecting LSASS, covering 1 vulnerability: CVE-2009-3675. Important to note that
W
2 min
Patch Tuesday
December Microsoft Patch Tuesday Preview
Sheldon here with a preview of what's coming out in next week's Microsoft Patch
Tuesday …
6 updates in total, covering 12 vulnerabilities. Windows, IE, and Office are
affected.
Bulletin 1: Remote Code Execution affects all supported Windows versions, rated
Important on most, Moderate on XP, and Critical on Server 2008. This will be
the second highest priority out of the Critical updates – particularly if you
have deployed Windows Server 2008.
Bulletin 2: Remote Code Execution doesn't aff
3 min
Microsoft
November Microsoft Patch Tuesday Roundup
Time once again for this month's summary of the latest Microsoft Security
updates …
6 updates, with 15 vulnerabilities covered. Here's the breakdown:
MS09-063: Rated Critical. Potential Remote Code Execution via Memory Corruption
in Web Services on Devices API, covering 1 vulnerability: CVE-2009-2512.
Important to note that this one only affects Windows Vista and Server 2008. Also
important to note that attackers must be on the local subnet to exploit this
vulnerability, so it would either b
4 min
Microsoft
October Microsoft Patch Tuesday Roundup
Time for this month's summary of the latest Microsoft Security updates …
13 advisories, with 34 vulnerabilities covered. Here's the breakdown:
MS09-050: Rated Critical. Potential Remote Code Execution and Denial of Service
in SMBv2, covering 3 vulnerabilities: CVE-2009-2526 (Infinite Loop DoS),
CVE-2009-2532 (Command Value Remote Code Exec), and CVE-2009-3103 (Negotiation
Remote Code Exec). Important to note that this one was listed as a DoS on NVD
while Metasploit and others were insisting
1 min
Microsoft
October Microsoft Patch Tuesday Preview
Wow, because the number of bulletins affecting the number of Windows versions is
pretty staggering. Windows is taking the most lumps this month.
Wow, because Windows7 makes its debut in the monthly dance with 5 updates
(although only the IE update is critical)
Wow, because Bulletin 13 alone affects the following products across the
Microsoft universe:
- Windows 2000 SP4
- Windows XP (SP2 and SP3)
- Windows Server 2003 SP2
- Windows Vista & Vista SP1
- Windows 2008
- Office XP
-